[Zope] truncations in form input due to quotes problem
J Cameron Cooper
jccooper@jcameroncooper.com
Wed, 05 Feb 2003 18:29:27 -0600
>
>
>I have some HTML forms that feed their data to a ZSQL method for
>insertion into a database.. I've been having a problem with the input to
>the fields getting truncated.. I think this is due to quotes in the
>input text.. Does anyone have a solution to this problem? It's common for
>people to use quotes in the input to HTML forms..
>
>
DTML in SQL statements needs to use either <dtml-var whatever sql_quote>
or <dtml-sqlvar whatever> to properly escape characters such as double
quotes. See the DTML reference for specifics.
--jcc
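
Added example, not part of the original message: three alternative bodies for a ZSQL method with arguments `author` and `comment`, showing the unescaped form beside the two escaped forms named in the reply. The table and column names (`guestbook`, `author`, `comment`) are hypothetical, and each statement is a separate method body, not one script.

```sql
-- ZSQL Method body (constructed example)
-- Arguments: author comment
-- Table and column names are hypothetical.

-- Before: form values are pasted into the statement verbatim, so a quote
-- character in the input ends the SQL string literal early and the
-- statement is damaged or rejected.
INSERT INTO guestbook (author, comment)
VALUES ('<dtml-var author>', '<dtml-var comment>')

-- After, option 1: sql_quote escapes the value. The surrounding single
-- quotes are still written by hand in the template.
INSERT INTO guestbook (author, comment)
VALUES ('<dtml-var author sql_quote>', '<dtml-var comment sql_quote>')

-- After, option 2: dtml-sqlvar escapes the value and writes the
-- surrounding quotes itself, according to the declared type, so no
-- hand-written quotes appear around it.
INSERT INTO guestbook (author, comment)
VALUES (<dtml-sqlvar author type="string">,
        <dtml-sqlvar comment type="string">)
```

With option 2, numeric columns take `type="int"` or `type="float"`, which also rejects non-numeric input before it reaches the database.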